<?php
// Direct-access guard: stop immediately unless the BASEPATH constant is
// already defined (presumably by the framework front controller), so the
// helper cannot be executed by requesting this file on its own.
defined('BASEPATH') OR exit('No direct script access allowed');
/**
 * CodeIgniter
 *
 * An open source application development framework for PHP 5.2.4 or newer
 *
 * NOTICE OF LICENSE
 *
 * Licensed under the Open Software License version 3.0
 *
 * This source file is subject to the Open Software License (OSL 3.0) that is
 * bundled with this package in the files license.txt / license.rst. It is
 * also available through the world wide web at this URL:
 * http://opensource.org/licenses/OSL-3.0
 * If you did not receive a copy of the license and are unable to obtain it
 * through the world wide web, please send an email to
 * licensing@ellislab.com so we can send you a copy immediately.
 *
 * @package CodeIgniter
 * @author EllisLab Dev Team
 * @copyright Copyright (c) 2008 - 2012, EllisLab, Inc. (http://ellislab.com/)
 * @license http://opensource.org/licenses/OSL-3.0 Open Software License (OSL 3.0)
 * @link http://codeigniter.com
 * @since Version 1.0
 * @filesource
 */
/**
 * CodeIgniter Security Helpers
 *
 * @package CodeIgniter
 * @subpackage Helpers
 * @category Helpers
 * @author EllisLab Dev Team
 * @link http://codeigniter.com/user_guide/helpers/security_helper.html
 */
// ------------------------------------------------------------------------
/**
 * XSS Filtering
 *
 * Procedural shortcut: passes both arguments to the xss_clean() method of
 * the `security` object found on the instance returned by get_instance()
 * and returns that method's result unchanged. No filtering, validation or
 * escaping happens in this wrapper itself.
 *
 * The function is declared only when no function named xss_clean exists
 * yet, so a definition loaded earlier takes precedence over this one.
 *
 * NOTE(review): input filtering of this kind does not replace escaping for
 * the concrete output context (HTML text, attribute, script, URL); callers
 * should still escape when rendering.
 *
 * @param	string	$str		content to filter
 * @param	bool	$is_image	whether or not the content is an image file
 * @return	string	result of the Security object's xss_clean() call
 */
if ( ! function_exists('xss_clean'))
{
	function xss_clean($str, $is_image = FALSE)
	{
		return get_instance()->security->xss_clean($str, $is_image);
	}
}
// ------------------------------------------------------------------------
/**
 * Sanitize Filename
 *
 * Procedural shortcut: hands the filename to the sanitize_filename() method
 * of the `security` object found on the instance returned by get_instance()
 * and returns that method's result unchanged. The actual sanitising rules
 * are implemented there and are not visible in this helper.
 *
 * The function is declared only when no function named sanitize_filename
 * exists yet.
 *
 * NOTE(review): callers building filesystem paths from the result should
 * still confirm the final path stays inside the intended directory.
 *
 * @param	string	$filename	filename to sanitise
 * @return	string	result of the Security object's sanitize_filename() call
 */
if ( ! function_exists('sanitize_filename'))
{
	function sanitize_filename($filename)
	{
		return get_instance()->security->sanitize_filename($filename);
	}
}
// --------------------------------------------------------------------
/**
 * Hash encode a string
 *
 * Returns the hex digest of $str computed with hash(). The requested
 * algorithm is used when its lower-cased name appears in hash_algos();
 * any other name is silently replaced by 'md5'.
 *
 * Security notes for callers:
 *  - The default ('sha1') and the fallback ('md5') are fast, unsalted
 *    digests and are not collision resistant. They are unsuitable for
 *    storing passwords or for integrity checks against a capable
 *    adversary; use a dedicated password-hashing function or a keyed
 *    construction (HMAC) with a modern algorithm for those purposes.
 *  - Because an unknown algorithm name falls back to 'md5' without any
 *    error, a misspelled $type weakens the digest unnoticed. Pass a
 *    literal, known-good algorithm name and check the digest length if
 *    the strength matters.
 *
 * @param	string	$str	data to hash
 * @param	string	$type	hash algorithm name (default 'sha1')
 * @return	string	lowercase hexadecimal digest
 */
if ( ! function_exists('do_hash'))
{
	function do_hash($str, $type = 'sha1')
	{
		// Keep the caller's algorithm only if this PHP build supports it;
		// otherwise use the historical 'md5' fallback.
		$algorithm = in_array(strtolower($type), hash_algos()) ? $type : 'md5';

		return hash($algorithm, $str);
	}
}
// ------------------------------------------------------------------------
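/**
 * Strip Image Tags
 *
 * Replaces each <img ...> tag in $str with the value of its src attribute.
 * Two patterns are applied in order: the first handles a quoted src value,
 * the second an unquoted one.
 *
 * Changes from the previous implementation:
 *  - Matching is case-insensitive, so tags written as <IMG SRC=...> are
 *    handled the same way as lowercase ones.
 *  - For an unquoted src the whole value is kept. The earlier pattern used
 *    a lazy capture followed by another lazy wildcard, which kept only the
 *    first character of the value.
 *
 * This is a text transformation, not an XSS defence: markup the patterns
 * do not match is left as it is, and the extracted src text is returned
 * unescaped, so the result still needs escaping for its output context.
 *
 * @param	string	$str	text that may contain <img> tags
 * @return	string	text with matched tags replaced by their src value
 */
if ( ! function_exists('strip_image_tags'))
{
	function strip_image_tags($str)
	{
		$patterns = array(
			// src="..." or src='...'
			'#<img\s+.*?src\s*=\s*["\'](.+?)["\'].*?\>#i',
			// src=value (no quotes): capture up to whitespace, quote or bracket
			'#<img\s+.*?src\s*=\s*([^\s"\'=<>`]+).*?\>#i',
		);

		return preg_replace($patterns, '\\1', $str);
	}
}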
// ------------------------------------------------------------------------
/**
 * Convert PHP tags to entities
 *
 * Rewrites every "<?" as "&lt;?" and every "?>" as "?&gt;", which also
 * covers the long "<?php" / "<?PHP" openers because they begin with "<?".
 * The replacements run one after the other, opener first.
 *
 * Only these two character sequences are touched. Other markup (including
 * "<" and ">" elsewhere in the string) passes through unchanged, so this
 * is not a substitute for HTML escaping of untrusted content.
 *
 * @param	string	$str	text that may contain PHP open/close tags
 * @return	string	text with PHP tags converted to entities
 */
if ( ! function_exists('encode_php_tags'))
{
	function encode_php_tags($str)
	{
		$tags     = array('<?', '?>');
		$entities = array('&lt;?', '?&gt;');

		return str_replace($tags, $entities, $str);
	}
}
/* End of file security_helper.php */
/* Location: ./system/helpers/security_helper.php */